As the sophistication of communications technology increases, the options for communications service have become more varied. For example, in the last 30 years in the telecommunications industry, personal communications have evolved from a home having a single rotary dial telephone to a home having multiple telephone, cable and/or fiber optic lines that accommodate both voice and data. Additionally, cellular phones and Wi-Fi have added a mobile element to communications. Similarly, in the entertainment industry, 30 years ago there was only one format for television, and this format was transmitted over the air and received via antennas located at homes. This has evolved into both different standards of picture quality, such as standard definition TV (SDTV), enhanced definition TV (EDTV) and high definition TV (HDTV), and more systems for delivery of these different television display formats, such as cable and satellite. Additionally, services have grown to overlap between these two industries. As these systems continue to evolve in both industries, the service offerings will continue to merge, and new services can be expected to become available to the consumer. These services will also be based on the technical capability to process and output more information (as seen, for example, in the improved picture quality of programs viewed on televisions), and therefore service delivery requirements are expected to continue to rely on more bandwidth being available throughout the network, including the “last mile” to the end user.
Another related technology that impacts both the communications and entertainment industries is the Internet. The physical structures of the Internet and associated communication streams have also evolved to handle an increased flow of data. Servers have more memory than ever before, communications links exist that have a higher bandwidth than in the past, processors are faster and more capable and protocols exist to take advantage of these elements. As consumers' usage of the Internet grows, service companies have turned to the Internet (and other Internet Protocol (IP) networks) as a mechanism for providing traditional services. These multimedia services include IP television (IPTV, referring to systems or services that deliver television programs over a network using IP data packets), video on demand (VOD), voice over IP (VoIP), and other web related services received singly or bundled together.
To accommodate the new and different ways in which IP networks are being used to provide various services, new network architectures are being developed and standardized. Internet Multimedia Subsystem (IMS) is an architectural framework utilized for delivering IP multimedia services to an end user. The IMS architecture has evolved into a service-independent topology which uses IP protocols, e.g., Session Initiation Protocol (SIP) signaling, to provide a convergence mechanism for disparate systems. In part this is accomplished via the provision of a horizontal control layer which isolates the access network from the service layer. Among other things, IMS architectures may provide a useful platform for the rollout of IPTV systems and services.
The IMS infrastructure offers several SIP-based services, e.g., security, reliability, routing, and QoS charging, that make it attractive for other purposes. For example, there are ongoing discussions in 3GPP to use IMS for key management in media security. The 3GPP organization is currently conducting a technical study on “IMS Media Security”, as described, for example, in 3GPP TR 33.828: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects: IMS media plane security”, by collecting requirements and candidate technical solutions for securing media in IMS applications between two or more clients. For example, some of the contributions to this 3GPP study provide for a network function that manages the keys to be distributed and used for media protection. In particular, one of the trust models that is being considered is a model wherein IMS applications are used for National Security, Public Safety, Governmental and Enterprise Communications. In such “mission-critical” scenarios, the requirements on media protection are very high, and are also referred to as “end-to-end security” requirements, in the sense that only the sender, receiver and their organizations shall be able to access the protected media and corresponding keys.
The mission-critical trust model differs from the model used in the consumer market, where an IMS operator has control over the IMS applications and their security. In mission-critical applications there is a new, independent actor, namely a third-party organization: an entity distinct from both the operator and the end user, which relies on one or more IMS operators for the media transport but not for the security aspects of that media transport. Technically, this means that the IMS core infrastructure is managed by the IMS operator(s), whereas the key management function and application server are managed (hosted or externally located) by the third party. The reason behind this arrangement is that, for regulatory or commercial reasons, or in roaming scenarios, the keys for protecting media are intended to be available only to the communicating parties and their organization, and not to other parties, e.g., the operator.
In OMA, there is ongoing work to distribute location information over a SIP/IP core that, in many cases, will be IMS. For example, OMA is completing the standardization of a location server that can be reached over a SIP-based interface by a location client in a SIP/IP core network that, at least in most cases, will be IMS.
Additionally, in 3GPP, discussions have started to converge IMS and MBMS. For example, 3GPP SA4 and SA3 have started to investigate the possibilities for a converged architecture for PSS (TS 26.234), MBMS (TS 33.246) and IMS. In the case of aligning MBMS to the IMS security architecture, it is not clear how the broadcast key management required for MBMS shall be handled. In particular, MBMS relies on the GBA architecture, wherein a function called the BM-SC (Broadcast Multicast Service Center) takes the role of the NAF. To access MBMS services, the UE must first establish a shared key with the BSF over the HTTP-based Ub reference point, and then authenticate to the BM-SC over the HTTP-based Ua reference point, using this shared key as a basis. IMS security is only concerned with access protection from the UE to the P-CSCF, and is not capable of establishing keys between the application servers and the UEs.
Additionally, the HTTP-based reference points Ua and Ub are not part of the IMS standard, and do not fit into the IMS architecture. In a liaison statement sent from 3GPP SA4 to 3GPP SA3 (S3-080656), the BSF was included in the converged architecture, but had no reference points attached to it, since it is not known how to accomplish the integration of the BSF in the IMS security architecture. The trust model used in MBMS is also different from what IMS can provide. MBMS requires protection from the BM-SC (application server) to the UE, whereas IMS relies on access protection between the UE and the P-CSCF (which may be located in the visited network). The IMS trust model is thus not sufficient for MBMS.
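The two preceding paragraphs describe the GBA key flow that MBMS depends on: the UE first bootstraps a shared key with the BSF (Ub), then authenticates to the BM-SC acting as NAF (Ua), and the NAF obtains its application-specific key from the BSF rather than from the UE. The following Python is an added illustration of that three-party flow, not code from this application or from 3GPP. The key-derivation construction, message shapes, class names and the constructed subscriber key are simplifying assumptions made for this example; the real AKA challenge-response and the GBA KDF of TS 33.220 differ. What the model does show is the property that matters for the trust discussion: the application server only ever receives a key bound to its own NAF_Id, never the bootstrapped key Ks, so a credential presented to one NAF is useless at another.

```python
import hashlib
import hmac
import secrets


def kdf(key: bytes, label: str, *parts: bytes) -> bytes:
    """HMAC-SHA256 derivation with length-prefixed inputs.

    Example construction only; not the 3GPP GBA KDF.
    """
    m = hmac.new(key, label.encode(), hashlib.sha256)
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()


class BSF:
    """Bootstrapping Server Function (simplified model).

    Holds long-term subscriber keys, runs the Ub bootstrap with the UE and
    hands NAF-specific keys to NAFs over a Zn-like interface.
    """

    def __init__(self, subscriber_keys: dict):
        self.subscriber_keys = subscriber_keys  # IMPI -> long-term key K
        self.pending = {}                       # IMPI -> RAND awaiting RES
        self.sessions = {}                      # B-TID -> (IMPI, Ks)

    def ub_challenge(self, impi: str) -> bytes:
        """Ub step 1: issue a fresh challenge to the UE."""
        rand = secrets.token_bytes(16)
        self.pending[impi] = rand
        return rand

    def ub_complete(self, impi: str, res: bytes) -> str:
        """Ub step 2: verify the UE's response, derive Ks, return a B-TID."""
        k = self.subscriber_keys[impi]
        rand = self.pending.pop(impi)
        if not hmac.compare_digest(res, kdf(k, "RES", rand)):
            raise PermissionError("UE authentication failed on Ub")
        ks = kdf(k, "Ks", rand)
        btid = secrets.token_hex(8) + "@bsf.example"  # constructed B-TID format
        self.sessions[btid] = (impi, ks)
        return btid

    def zn_key_request(self, btid: str, naf_id: bytes):
        """Zn-like request from a NAF: release only Ks_NAF for that NAF_Id, never Ks."""
        impi, ks = self.sessions[btid]
        return impi, kdf(ks, "Ks_NAF", naf_id)


class UE:
    """User Equipment (simplified model) holding the long-term key K."""

    def __init__(self, impi: str, k: bytes):
        self.impi, self.k = impi, k
        self.ks = None
        self.btid = None

    def bootstrap(self, bsf: BSF) -> None:
        rand = bsf.ub_challenge(self.impi)
        self.btid = bsf.ub_complete(self.impi, kdf(self.k, "RES", rand))
        self.ks = kdf(self.k, "Ks", rand)  # same Ks as the BSF derived

    def ua_request(self, naf_id: bytes, payload: bytes):
        """Ua: present B-TID plus a MAC under the NAF-specific key."""
        ks_naf = kdf(self.ks, "Ks_NAF", naf_id)
        return self.btid, payload, hmac.new(ks_naf, payload, hashlib.sha256).digest()


class NAF:
    """Network Application Function, e.g. the BM-SC (simplified model)."""

    def __init__(self, naf_id: bytes, bsf: BSF):
        self.naf_id, self.bsf = naf_id, bsf

    def handle_ua(self, btid: str, payload: bytes, mac: bytes) -> str:
        impi, ks_naf = self.bsf.zn_key_request(btid, self.naf_id)
        expected = hmac.new(ks_naf, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            raise PermissionError("UE authentication failed on Ua")
        return impi


# Constructed subscriber key for the example; not a real credential.
K_ALICE = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def run_demo() -> dict:
    """Run Ub then Ua, and show the Ua credential is bound to one NAF_Id."""
    bsf = BSF({"alice@ims.example": K_ALICE})
    ue = UE("alice@ims.example", K_ALICE)
    ue.bootstrap(bsf)

    bmsc = NAF(b"bmsc.example", bsf)
    btid, payload, mac = ue.ua_request(b"bmsc.example", b"GET /mbms/service-keys")
    authenticated_as = bmsc.handle_ua(btid, payload, mac)

    # The same Ua message presented to a different NAF is rejected, because
    # the BSF derives a different Ks_NAF for that NAF_Id.
    other = NAF(b"other-as.example", bsf)
    try:
        other.handle_ua(btid, payload, mac)
        cross_naf_accepted = True
    except PermissionError:
        cross_naf_accepted = False

    return {"authenticated_as": authenticated_as,
            "cross_naf_accepted": cross_naf_accepted}


if __name__ == "__main__":
    print(run_demo())
```

Note that `zn_key_request` is the only path by which an application server obtains key material, and it returns a derivation keyed on the requesting NAF's identity; this is the structural reason the model keeps Ks out of the application server's hands.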
Accordingly, it would be desirable to provide systems and methods which address security issues in such architectures and, more specifically, which enable a client to securely communicate with, and exchange security keys with, an application server in such network architectures.